Mobile health apps are a popular way to track personal information for overall health and fitness as well as specific medical conditions. But new research suggests they may pose some serious privacy concerns.
The study, published today in the Journal of the American Medical Association, found that many health apps transmit sensitive medical information, such as disease status and medication compliance, to third parties, including aggregators and advertising networks.
For the study, researchers from the Illinois Institute of Technology Chicago-Kent College of Law identified all available Android diabetes apps and collected and analyzed their privacy policies and permissions. Apps for Apple devices were not included in the study.
The authors installed a random selection of the apps to determine whether data were transmitted to third parties, defined as any website not directly under the developer's control.
After six months, 211 of the apps remained available. The authors found the majority of these apps -- over 80 percent -- had no privacy policies at all. Of the 41 apps that did have privacy policies, not all of the provisions actually protected privacy. For example, more than 80 percent collected user data and almost 50 percent shared data.
Only four policies said they would ask users for permission to share data.
The authors conducted another analysis that included 65 diabetes apps, which found that sensitive information -- including insulin and blood glucose levels -- was routinely collected and shared with third parties.
The authors note that the sharing of sensitive health information by apps is generally not prohibited by law and patients should be aware and consider the potential risks when using them.